The problem can be corrected by upgrading the affected package toversion 2.6.8.1-16.27 (for Ubuntu 4.10), 2.6.10-34.11 (for Ubuntu5.04), or 2.6.12-10.26 (for Ubuntu 5.10). After a standard systemupgrade you need to reboot your computer to effect the necessarychanges.

Details follow:

Doug Chapman discovered a flaw in the reference counting in thesys_mq_open() function. By calling this function in a special way, alocal attacker could exploit this to cause a kernel crash.(CVE-2005-3356)

Karl Janmar discovered that the /proc file system module used signeddata types in a wrong way. A local attacker could exploit this to readrandom kernel memory, which could possibly contain sensitive data likepasswords or private keys. (CVE-2005-4605)

Yi Yang discovered an off-by-one buffer overflow in the sysctl()system call. By calling sysctl with a specially crafted long string, alocal attacker could exploit this to crash the kernel or possibly evenexecute arbitrary code with full kernel privileges. (CVE-2005-4618)

Perceval Anichini found a buffer overflow in the TwinHan DSTFrontend/Card DVB driver. A local user could exploit this to crash thekernel or possibly execute arbitrary code with full kernel privileges.This only affects Ubuntu 5.10. (CVE-2005-4639)

Stefan Rompf discovered that the dm-crypt module did not clear memorystructures before releasing the memory allocation of it. This couldlead to the disclosure of encryption keys. (CVE-2006-0095)

The SDLA WAN driver did not restrict firmware upgrades to processesthat have the CAP_SYS_RAWIO kernel capability, it just required theCAP_NET_ADMIN privilege. This could allow processes with the latterprivilege to update the SDLA firmware. Please note that this does notaffect a standard Ubuntu installation, and this cannot be exploited bya normal (unprivileged) user. At most, this flaw might be relevant forinstallations that use a fine-grained capability granting system likeRSBAC, cap_over, or grsecurity. This only affects Ubuntu 4.10.(CVE-2006-0096)